Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-39365

Опубликовано: 22 авг. 2021
Источник: debian
EPSS Низкий

Описание

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
grilofixed0.3.13-1.1package

Примечания

  • https://blogs.gnome.org/mcatanzaro/2021/05/25/reminder-soupsessionsync-and-soupsessionasync-default-to-no-tls-certificate-verification/

  • https://gitlab.gnome.org/GNOME/grilo/-/issues/146

EPSS

Процентиль: 53%
0.00299
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-39365

CVSS3: 5.9
ubuntu
почти 4 года назад

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

redhat логотип

CVE-2021-39365

CVSS3: 7.5
redhat
около 4 лет назад

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

nvd логотип

CVE-2021-39365

CVSS3: 5.9
nvd
почти 4 года назад

In GNOME grilo though 0.3.13, grl-net-wc.c does not enable TLS certificate verification on the SoupSessionAsync objects it creates, leaving users vulnerable to network MITM attacks. NOTE: this is similar to CVE-2016-20011.

suse-cvrf логотип

openSUSE-SU-2021:3194-1

suse-cvrf
почти 4 года назад

Security update for grilo

suse-cvrf логотип

openSUSE-SU-2021:1312-1

suse-cvrf
почти 4 года назад

Security update for grilo

EPSS

Процентиль: 53%
0.00299
Низкий